35 matches found
EUVD-2003-0158
Malware in sbrugna...
EUVD-2012-5390
Malware in sbrugna...
EUVD-2025-26285
Malicious code in bioql PyPI...
CVE-2025-7082 Belkin F9K1122 webs formBSSetSitesurvey os command injection
A vulnerability was found in Belkin F9K1122 1.00.33 and classified as critical. Affected by this issue is the function formBSSetSitesurvey of the file /goform/formBSSetSitesurvey of the component webs. The manipulation of the argument wanipaddr/wannetmask/wangateway/wlssid is directly passed by t...
WordPress Frontend Admin by DynamiApps plugin <= 3.19.4 - Improper Missing Encryption Exception Handling to Form Manipulation vulnerability
Improper Missing Encryption Exception Handling to Form Manipulation vulnerability discovered by István Márton in WordPress Plugin Frontend Admin by DynamiApps versions <= 3.19.4...
[SECURITY] Fedora 40 Update: jericho-html-3.3-30.fc40
Jericho HTML Parser is a java library allowing analysis and manipulation of parts of an HTML document, including server-side tags, while reproducing verbatim any unrecognized or invalid HTML. It also provides high-level HTML form manipulation functions. It is an open source library released under...
Account Spoofing
phpMyFAQ is vulnerable to User Account Spoofing. The vulnerability is due to the user removal page lacking backend validation, allowing an attacker to manipulate form details by intercepting the request via a proxy, which can allow an attacker to trick an admin into removing the account...
CVE-2023-0870 Form Can Be Manipulated with Cross-Site Request Forgery (CSRF)
A form can be manipulated with cross-site request forgery in multiple versions of OpenNMS Meridian and Horizon. This can potentially allow an attacker to gain access to confidential information and compromise integrity. The solution is to upgrade to Meridian 2023.1.1 or Horizon 31.0.6 or newer...
CVE-2023-0040
CVE-2023-0040 affects Async HTTP Client prior to 1.13.2. The root cause is insufficient validation of HTTP header field values, enabling CRLF injection that can inject new HTTP header fields or requests into the data stream. Impact described in the connected documents notes that remote servers ma...
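The CRLF injection described for CVE-2023-0040 comes down to one missing check: a header value containing CR or LF is written to the wire verbatim, so the peer parses the tail of the value as further header fields or even a second request. The following Python is an added example, not Async HTTP Client's (Swift) code; it serialises a request the naive way and the validated way over a constructed attacker-controlled value, and shows what a receiving parser would make of each stream. The function and constant names are this example's own.

```python
import re

# Added example, not Async HTTP Client's code: why a header value containing
# CR/LF lets a caller append headers or a whole second request to the stream.

# RFC 9110 field-value: VCHAR (0x21-0x7E), SP, HTAB and obs-text (0x80-0xFF).
# CR (0x0D), LF (0x0A) and NUL are never legal inside a value.
_FIELD_VALUE_RE = re.compile(r"^[\t\x20-\x7e\x80-\xff]*$")
# RFC 9110 token characters for a field name.
_FIELD_NAME_RE = re.compile(r"^[!#$%&'*+.^_`|~0-9A-Za-z-]+$")


class HeaderInjectionError(ValueError):
    """Raised when a header name or value would change the framing of the request."""


def is_valid_header(name: str, value: str) -> bool:
    return bool(_FIELD_NAME_RE.match(name)) and bool(_FIELD_VALUE_RE.match(value))


def validate_header(name: str, value: str) -> None:
    """Reject names/values that cannot be serialised without changing request framing."""
    if not _FIELD_NAME_RE.match(name):
        raise HeaderInjectionError(f"invalid header field name: {name!r}")
    if not _FIELD_VALUE_RE.match(value):
        raise HeaderInjectionError(f"invalid header field value for {name}: {value!r}")


def build_request_unchecked(method: str, path: str, host: str, headers: dict) -> str:
    """Vulnerable serialiser: whatever the caller put in a value goes to the wire verbatim."""
    lines = [f"{method} {path} HTTP/1.1", f"Host: {host}"]
    for name, value in headers.items():
        lines.append(f"{name}: {value}")
    return "\r\n".join(lines) + "\r\n\r\n"


def build_request_checked(method: str, path: str, host: str, headers: dict) -> str:
    """Hardened serialiser: every name/value is validated before it is written."""
    for name, value in headers.items():
        validate_header(name, value)
    return build_request_unchecked(method, path, host, headers)


def request_lines(raw: str) -> list:
    """Return the request line of every message a peer would see in this byte stream."""
    messages = [m for m in raw.split("\r\n\r\n") if m]
    return [m.split("\r\n", 1)[0] for m in messages]


def header_names(raw: str) -> list:
    """Return the header field names of the first message in the stream."""
    head = raw.split("\r\n\r\n", 1)[0]
    return [line.split(":", 1)[0] for line in head.split("\r\n")[1:]]


# Constructed attacker-controlled value: something an application copied from
# user input into a header without checking it.
MALICIOUS_VALUE = "abc\r\nX-Injected: 1\r\n\r\nGET /admin HTTP/1.1\r\nHost: attacker.example"


def demo():
    """Serialise the tainted header both ways; returns what the peer sees and whether the check fired."""
    unchecked = build_request_unchecked("GET", "/", "example.test", {"X-Tag": MALICIOUS_VALUE})
    try:
        build_request_checked("GET", "/", "example.test", {"X-Tag": MALICIOUS_VALUE})
        blocked = False
    except HeaderInjectionError:
        blocked = True
    return request_lines(unchecked), header_names(unchecked), blocked


if __name__ == "__main__":
    print(demo())
```

With the unchecked serialiser the peer sees two request lines and an extra `X-Injected` header; the checked serialiser refuses the value before anything is written. Validating at the point where the header is set, rather than at the socket, is what keeps the error attributable to the caller that supplied the bad value.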
LinkedIn: Rate limit Bypass on contact-us through IP Rotator (burp extension)(https://www.linkedin.com/help/linkedin/solve/contact)
Hello Team, I have found an issue on https://www.linkedin.com/help/linkedin/solve/contact which spams the mailbox of the victim through the alternative email and the support team. Steps 1. Go to https://www.linkedin.com/help/linkedin/solve/contact 2. Fill in the form 3. Fill in the victim's mail id in the alternative emai...
Mail.ru: IDOR to edit test/poll/quiz on relap.io
Hi. Here I have added to the message how the form id can be found https://hackerone.com/reports/1106471 We can also edit any form. PoC: - Open your own test, edit something, save it and catch the request - In the request, change the domain id and, in the request body, the form id - The answer ids we can see,...
Secure Computing SnapGear Management Console SG560 3.1.5 - Arbitrary File Read
Title: Secure Computing SnapGear Management Console SG560 3.1.5 - Arbitrary File Read Author: LiquidWorm Date: 2020-06-04 Vendor: http://www.securecomputing.com CVE: N/A Secure Computing SnapGear Management Console SG560 v3.1.5 Arbitrary File Read/Write Vendor: Secure Computing Corp. Product web...
Debian DLA-1592-1 : otrs2 security update
Two security vulnerabilities were discovered in OTRS, a Ticket Request System, that may lead to privilege escalation or arbitrary file write. CVE-2018-19141 An attacker who is logged into OTRS as an admin user may manipulate the URL to cause execution of JavaScript in the context of OTRS...
Facturation System 1.0 - 'modid' SQL Injection
Exploit Title: Facturation System 1.0 - 'modid' SQL Injection Dork: N/A Date: 2018-11-08 Exploit Author: Ihsan Sencan Vendor Homepage: http://obedalvarado.pw/simple-invoice/ Software Link: https://kent.dl.sourceforge.net/project/simple-invoice/simple-invoice-master.zip Version: 1.0 Category:...
CVE-2017-16921
In OTRS 6.0.x up to and including 6.0.1, OTRS 5.0.x up to and including 5.0.24, and OTRS 4.0.x up to and including 4.0.26, an attacker who is logged into OTRS as an agent can manipulate form parameters related to PGP and execute arbitrary shell commands with the permissions of the OTRS or web...
Default credentials
An authenticated standard user could reset the password of other users including the admin by altering form data. Affects kanboard before 1.0.46...
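The kanboard entry above and the relap.io IDOR report earlier on this page describe the same defect: the server acts on an object identifier taken from the submitted form (a user id, a form id) without checking that the session's user is allowed to act on that object, so anyone with an intercepting proxy can swap the identifier. The following Python is an added example, not kanboard's or relap.io's code; it shows a password-reset handler written twice, once trusting the form and once authorizing the (acting user, target) pair against the session, over constructed sample users. Names, roles and the PBKDF2 helper are this example's own.

```python
import hashlib
import os
from dataclasses import dataclass

# Added example, not kanboard's or relap.io's code: the missing server-side
# authorization check both reports describe, in vulnerable and hardened form.


def hash_password(password: str, salt: bytes = None) -> bytes:
    """PBKDF2-HMAC-SHA256; the 16-byte salt is prefixed to the digest for later verification."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return salt + digest


def verify_password(password: str, stored: bytes) -> bool:
    salt, digest = stored[:16], stored[16:]
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000) == digest


@dataclass
class User:
    id: int
    name: str
    role: str            # "admin" or "user"
    password_hash: bytes


class AuthorizationError(PermissionError):
    pass


class UserStore:
    def __init__(self, users):
        self.users = {u.id: u for u in users}

    def reset_password_unchecked(self, session_user_id: int, form: dict) -> int:
        """Vulnerable: the target is whatever user_id arrived in the form; the session is ignored.

        A logged-in standard user who edits the hidden user_id field (for example in
        an intercepting proxy) resets the admin's password.
        """
        target = self.users[int(form["user_id"])]
        target.password_hash = hash_password(form["password"])
        return target.id

    def reset_password_checked(self, session_user_id: int, form: dict) -> int:
        """Hardened: authorize the (actor, target) pair before the object is touched."""
        actor = self.users[session_user_id]
        target_id = int(form["user_id"])
        if actor.role != "admin" and target_id != actor.id:
            raise AuthorizationError(
                f"user {actor.id} may not reset the password of user {target_id}"
            )
        target = self.users[target_id]
        target.password_hash = hash_password(form["password"])
        return target.id


def make_store() -> UserStore:
    """Constructed sample data: one admin and two ordinary users."""
    return UserStore([
        User(1, "admin", "admin", hash_password("admin-initial")),
        User(2, "alice", "user", hash_password("alice-initial")),
        User(3, "bob", "user", hash_password("bob-initial")),
    ])


def attempt(store: UserStore, session_user_id: int, form: dict, checked: bool):
    """Run one reset and report ('ok', target_id) or ('denied', None)."""
    handler = store.reset_password_checked if checked else store.reset_password_unchecked
    try:
        return ("ok", handler(session_user_id, form))
    except AuthorizationError:
        return ("denied", None)


if __name__ == "__main__":
    tampered = {"user_id": "1", "password": "pwned"}   # alice (id 2) submits admin's id
    print(attempt(make_store(), 2, tampered, checked=False))
    print(attempt(make_store(), 2, tampered, checked=True))
```

The authorization decision depends only on server-side state (the session's user and its role) plus the target identifier; nothing else from the form body is trusted. For the relap.io case the same shape applies with a form id in place of a user id and ownership of the form in place of the role check.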
WordPress Contact Form Generator plugin cross-site request forgery vulnerability
WordPress is a blogging platform from the WordPress Software Foundation, developed in PHP; it lets users set up a personal blog site on servers that support PHP and MySQL. Contact Form Generator is a contact form generator plugin for it. A cross-site request forgery vulnerability...
蝉知企业门户系统 (Chanzhi Enterprise Portal System) v3.3 CSRF to change the administrator password
Brief description: 蝉知企业门户系统 v3.3 CSRF to change the administrator password. Detailed description: The latest version, 蝉知企业门户系统 v3.3, has a CSRF vulnerability. Moreover, during testing I found that even after the password is changed, the administrator is not immediately required to log in again, so combined with my "boomerang" the admin password can be changed without anyone noticing. Next I will demonstrate the vulnerability process in detail. Proof of vulnerability: 1. We enter the backend and find there is no option to add an administrator, so let's try changing the administrator's password. Very interesting: we find that changing the administrator's password does not require verifying the original password. How dangerous! Then let's capture and intercept the request to see whether there is a token or similar check. 2. Intercept with Burp Suite. My friends were all stunned, weren't they?? No validation, just two password...
Vanilla Forums Tagging Enhanced plugin 1.0.1 - Stored XSS
No description provided by source. Title: Vanilla Tagging Enhanced 1.0.1 Stored XSS Date: 1/6/12 Author: Henry Hoggard Author URL: henryhoggard.co.uk Author Twitter: @henryhoggard Software: Vanilla Version 2.0.18.4 + Tagging Enhanced plugin 1.0.1 http://vanillaforums.org/download...